The vendor reported a buffer overflow in the user authorization
code (CVE-2009-4893).

The vendor reported that the distributed source code of UnrealIRCd
was compromised and altered to include a system() call that could be
called with arbitrary user input (CVE-2010-2075).

Impact

A remote attacker could exploit these vulnerabilities to cause the
execution of arbitrary commands with the privileges of the user running
UnrealIRCd, or a Denial of Service condition. NOTE: By default
UnrealIRCd on Gentoo is run with the privileges of the "unrealircd"
user.